{% text "preview_text" label="Preview Text This will be used as the preview text that displays in some email clients", value="", no_wrapper=True %}


READ IN BROWSER

10/11/2019
linkedin facebook twitter instagram
WorkScoop
Insurance experts tell us that a new initiative from Marsh signals a larger change for cyber coverage. The NSA's Cybersecurity Directorate is going to work a little differently than its predecessor. And FIN7 scammers are at it again. This is CyberScoop for Friday, October 11.

Cyber insurers are angling for more control over security

The cyber insurance industry is taking baby steps away from a long and messy infancy. Headlines have fixated on how big firms like AIG and Zurich have been locked in legal disputes over specific claims, but insurers are now trying to be more proactive with customers. The smartest approach for everyone, they say, is to prevent breaches from happening in the first place. Key to that — and to saving money — is trying to identify the products that are most effective. Marsh, the global insurance broker and risk adviser, last month published its first list of Cyber Catalyst-designated products, a tag given to 17 services that a group of insurance firms says its clients should consider. Jeff Stone has more on what's going on.


A Message From AWS Educate

With over 1,500 institutions and hundreds of thousands of students who use AWS Educate, we wanted to take you on a trip around the world and highlight how students are learning and innovating with the cloud. Learn more.


NSA fires up its shiny new directorate

The National Security Agency’s new Cybersecurity Directorate, charged with helping protect the defense industrial base and sensitive government computers, has formally launched. Just this week the new directorate acted on one of its new goals: sharing information on foreign adversaries with industry to help them better defend against their specific technical capabilities. But there’s something that sets this outfit apart from previous NSA efforts, Neal Ziring, the technical director for the new directorate, told reporters. Prevention used to be the focus, but now "we’re trying to make sure we pay attention to both angles and let them work together,” he said. Ziring and the new director, Anne Neuberger, also detailed how they are thinking through the directorate’s relationship with the Department of Homeland Security. Shannon Vavra reports from Fort Meade.


How cyberattacks help China impose its will internationally

Censorship only is one aspect of Beijing's quest to stamp out global attention on pro-democracy protests in Hong Kong. The government also relies on distributed denial-of-service attacks to flood websites with falsified traffic, as the Electronic Frontier Foundation reminded followers Thursday. China, in recent months, has aimed its Great Cannon at the encrypted messaging app Telegram, a forum where Hong Kong demonstrators gathered online and social media outside the government's control. It's a fundamentally anti-democratic approach that, of course, complements the government's ongoing use of disinformation and malware. EFF contextualized all of it here.


FIN7 is still busy

FIN7, the Eastern European hacking crew that has stolen more than $1 billion, is deploying new malicious code in multiple recent compromises in the hospitality industry, FireEye said Thursday. The more interesting code sample is a payload that tampers with a remote IT administration tool, potentially giving hackers prime access to payment card processors. It's the latest sign that, despite U.S. indictments and arrests of its alleged members, FIN7 is thriving. Sean Lyngaas reports on the crooks’ latest intrusions.


Pentagon hopes for help squashing more bugs

Bug bounty platform HackerOne, together with the Pentagon’s Defense Digital Service, announced on Thursday that they’ve officially launched Hack the Army 2.0. The four-week-long challenge will allow ethical hackers to try finding vulnerabilities within more than 60 publicly accessible web assets. Find and report one, and you’ll be paid for your efforts. The opportunity is open to members of the military and government civilians, as well as individuals “invited” by HackerOne. During the first contest, held in November and December 2016, 371 participants found 118 valid vulnerabilities and were awarded a total of roughly $100,000 for their discoveries. Tajha Chappellet-Lanier has the news.


Mississippi just asked how state orgs encrypt data. The answers are bleak.

The first-ever governmentwide survey of Mississippi’s cybersecurity policies returned unsettling results, with large volumes of residents’ personal data not being protected, several agencies not having written procedures about how to respond to a cyberattack, and dozens of them ignoring the legally required review altogether. The findings were revealed in an Oct. 1 report by Mississippi's auditor, who is trying to determine which entities are out of compliance. The enterprise security program — along with federal laws — requires that specific kinds of personal data be encrypted. But the auditor’s office found that 38% of responding agencies did not encrypt sensitive information pertaining to health records, taxes or student records. Benjamin Freed has more at StateScoop.


Tweet Of The Day

Image

What fresh horrors await on the other side of this door? (Thanks for the tweet, @pokalope.)


Want more? Catch our events for all things workforce!
{% widget_block rich_text 'unsubscribe' label='Unsubscribe' overridable=true no_wrapper=true %} {% widget_attribute 'html' %} Copyright (c) 2019 WorkScoop, All rights reserved.

{{ site_settings.company_name }}
{{ site_settings.company_street_address_1 }}
{{ site_settings.company_city }} {{ site_settings.company_state }} 20036

Update your email preferences
Unsubscribe {% end_widget_attribute %} {% end_widget_block %} {# {% widget_block rich_text 'unsubscribe' label='Unsubscribe' overridable=true no_wrapper=true %} {% widget_attribute 'html' %} You received this email because you are subscribed to {{ subscription_name }} from {{site_settings.company_name}}. If you prefer not to receive emails from {{site_settings.company_name}} you may unsubscribe or set your email preferences. {% end_widget_attribute %} {% end_widget_block %} #}